freebsd security - Oct 2017 - Crypto overhaul

On 29/10/17 8:36 am, Eric McCorkle wrote:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>> --------
>> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin
Kaduk writes:
>>
>>> I would say that the 1.1.x series is less bad, especially on the
last count,
>>> but don't know how much you've looked at the differences in
the new branch.
>> While "less bad" is certainly a laudable goal for OpenSSL, I
hope
>> FreeBSD has higher ambitions.
>>
> I'm curious about your thoughts on LibreSSL as a possible option.
what gives any evidence as to it being any better?
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"

On 10/30/2017 04:05, Julian Elischer wrote:
> On 29/10/17 8:36 am, Eric McCorkle wrote:
>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685 at kduck.kaduk.org>,
Benjamin Kaduk
>>> writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on
the
>>>> last count,
>>>> but don't know how much you've looked at the
differences in the new
>>>> branch.
>>> While "less bad" is certainly a laudable goal for
OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>> I'm curious about your thoughts on LibreSSL as a possible option.
> 
> what gives any evidence as to it being any better?
At least as about its first year and a half, LibreSSL had a markedly
better track record than OpenSSL (zero high-severity CVEs vs 5 from
OpenSSL, about half as many mid- and low-security CVEs).